3 Amtrak Office of Inspector General Summary of Report: Why the OIG issued this report Amtrak s Strategic Asset Management (SAM) program is estimated to cost as much as $401 million. The goal of the program is to transform key business operations such as finance and logistics by replacing or enhancing many manual and automated systems. The OIG reviewed the program given its cost and importance to business operations. The first segment referred to as R1a is scheduled to be implemented in June Our audit objective was to determine whether the R1a s implementation approach effectively addresses business disruption risks. What the OIG Recommends We briefed Amtrak officials as issues were identified during the course of our work and they have taken certain actions. At this time, before R1a implementation, we recommend actions to: 1. Resolve issues with interfaces, data conversion, network infrastructure, and contingency plans for continuity. 2. Involve the Process Leadership Team members in making a go no-go decision to move forward with the R1a deployment. We also recommend actions to help improve the effectiveness of the SAM program s remaining segments. Management agreed with all of our recommendations except one. Strategic Asset Management Program: Further Actions Should Be Taken To Reduce Business Disruption Risk What the OIG Found The SAM management team has developed and is implementing a detailed approach to test and mitigate business disruption risks associated with the implementation of R1a. However, we identified several gaps in the testing and contingency plans. Left unaddressed, these gaps leave Amtrak vulnerable to business disruptions that would reduce revenues, increase costs, and negatively impact customer service. The R1a has a large scope that includes 33 separate software applications that are linked by 81 separate financial, logistics and operational data exchange interfaces. The implementation timeframe is relatively aggressive compared to private sector best practices. The two year schedule is about half the time it took a private sector firm to implement a similar effort. Also, all software systems will be deployed at the same time versus incrementally, increasing the complexity of the implementation. The SAM management team has been assessing and testing for risks associated with an R1a software deployment failure. They have identified 21 mission-critical business process areas as high risk for business disruption should they fail to work. These include risks to the payroll runs, financial data conversion from the old to new systems and existing procurement software properly interfacing with the new system. Our analysis and discussion with system users show that tests do not ensure end-to-end system reliability in actual operating conditions with optimized system interface performance. Also, the contingency plans do not address worst case scenarios because risk of a failure was determined to be low. As a result, the plans do not adequately address user concerns about how certain critical processes such as payroll runs will be continued if there is a failure. We understand that addressing these issues involves time and resources. However, given the significance of the potential business disruption, the additional benefits of risk reduction could represent a prudent investment of resources.

4 TABLE OF CONTENTS BACKGROUND... 1 OBJECTIVE... 3 RESULTS OF AUDIT... 4 The implementation approach does not fully address risk of business disruptions...4 Potential disruptions to business operations can be severe...5 Implementation concept is large and complex...5 Past internal experiences and comparison to best practices raise concerns...6 The decisions to change the design strategy increased complexity and cost...8 The deployment strategy calls for implementing all systems at once...11 Testing and contingency planning gaps remain...11 CONCLUSIONS RECOMMENDATIONS MANAGEMENT COMMENTS AND AUDIT REPSONSE APPENDIX A MANAGEMENT COMMENTS APPENDIX B SCOPE AND METHODOLOGY APPENDIX C TEAM MEMBERS... 21

5 BACKGROUND In 2008, Amtrak launched a company-wide, multi-year effort called the Strategic Asset Management (SAM) program. The program s goal is to improve key operational, financial, supply chain, and human resource processes by replacing or enhancing many inefficient manual and automated systems with new systems and business processes. Amtrak officials currently estimate that the SAM program will cost up to $401 million; of which about $145 million has been spent as of March Achieving the program s goal is important and should result in more timely and reliable information for financial reporting, management decision-making, and operations performance improvements. Another envisioned program benefit is to improve the quality and flow of information by breaking down information-sharing barriers among departments. The program is also anticipated to help Amtrak meet the cost accounting and cost allocation requirements mandated by the Passenger Rail Investment and Improvement Act of 2008 (PRIIA 1 ). The critical automated systems in the new environment will be SAP Enterprise Resource Planning (ERP 2 ), Maximo Asset Management 3, and Ariba 4. SAP will interface with 32 other specialized software applications including PowerPlant 5. SAP Public Budget Formulation (PBF 6 ) software is also planned to be implemented by October Public Law No enacted on October 16, SAP (ERP) software can process enterprise-wide data from various business areas such as finance, procurement, payroll, and sales and distribution. Amtrak s human resources and payroll functions are currently processed in SAP. Maximo Asset Management software unifies comprehensive asset life cycle and maintenance management on a single automated database. The Engineering department currently uses Maximo to manage rail infrastructure activities. 4 Ariba software automates procurement business functions, such as spend management, contract management and supplier management. Amtrak is currently using Ariba for purchase requisitioning, travel and expense, procurement cards, and payment requests. 5 6 PowerPlant software will record and manage transactions related to Amtrak s assets. Amtrak bought the PowerPlant software because of its capability to calculate group depreciation. PowerPlant will calculate depreciation for Amtrak s assets and provide asset valuation information to SAP for financial reporting. Public Budget Formulation (PBF) is an SAP budgeting software designed to help manage government grants. This application was not commercially available when the SAM program started.

6 Amtrak established the governance structure described below to guide the SAM program s decision making process for R1a. The Enterprise Strategic Systems Steering Committee (ESSSC) consisting of senior executives provides strategic guidance to the SAM program. Two SAM program sponsors 7, Chief Financial Officer (CFO) and Chief Information Officer (CIO) guide program scope and approach decisions. Process Leadership Team (PLT 8 ) approves process designs and is collectively responsible for SAM process ownership. Program Management Office manages program scope, schedule and budget issues, risks, and integration between different business departments and Team Leads. Team Leads provide leadership for completion of specific program milestones 9. SAM program implementation documents show that the program is divided into three segments. 1. The first segment is generally referred to as Release 1a or R1a. R1a is currently scheduled to be implemented in June 2011, two months later than the original implementation date of April According to the SAM management 10, the delay in the R1a implementation to June 2011 was primarily caused by the issues encountered during the development and testing of multiple systems that will interface with SAP. The delay costs about $8 million a month. SAM management originally estimated the cost of R1a at $135 million; however, in March 2011, the cost estimate was revised to $183.3 million or a 36% increase over the original estimate. The R1a segment will reengineer business processes and provide new automated capabilities for most finance and materials management business processes using SAP and PowerPlant software. This segment will also enhance procurement work process capabilities using the existing Ariba software. These are critical business activities for Amtrak. These systems will control financial reporting of revenues of $2.5 billion, federal subsidies of $1.6 billion, and expenses of $3.7 billion as reported in Amtrak s FY2010 financial statements. Further, SAP will be controlling inventory reporting and management of $213 million as of September 30, The Chief Operating Officer was a program sponsor until Amtrak abolished the position effective October 22, Process Leadership Team (PLT) is comprised of the office heads from all SAM impacted business areas. Milestone is the end of a stage that marks the completion of a work package in a project. The term SAM management refers to SAM sponsors, Process Leadership Team (PLT) members, and program team leads. 2

7 The R1a segment has five phases: solution definition, design, build, test, and deployment phases. As of early May 2011, the program was in the test phase. In July 2008, SAM management contracted with the system integrator, Accenture, to support the R1a implementation. In March 2009, Amtrak s Board of Directors approved up to $118 million to fund the Accenture contract. 2. The second segment, referred to as Release 1b or R1b, will primarily focus on migrating train equipment maintenance capabilities from Spear 11 to Maximo software with the goal of creating one Enterprise Asset Management (EAM 12 ) system. Also, capabilities in Maximo will be enhanced to help manage and maintain train equipment and rail infrastructure assets; work order 13 tracking; and tighter integration of business processes with SAP, particularly materials inventory planning and management. The scope of R1b segment is currently being defined by the SAM management. In April 2011, Amtrak s Board of Directors approved $2.5 million for FY2011 to begin work on the second segment. 3. The third segment, referred to as Release 2 or R2, was planned to integrate train operations in Maximo and implement treasury management 14 capabilities in SAP. However, plans to integrate train operations in Maximo were removed from the R2 scope in mid As of April 2011, the scope of R2 segment has not been clearly defined and finalized. OBJECTIVE Our reporting objective was to determine whether the SAM R1a s implementation approach effectively addresses business disruption risks. This report focuses on the R1a segment planning and implementation. However, this report also provides information that is useful to developing and managing the SAM program s remaining segments. 11 Spear is the asset management software to help manage maintenance of train cars and locomotives. Amtrak s Mechanical department is using Spear to record maintenance data of train equipment. 12 Enterprise Asset Management (EAM) is a system to help manage assets such as tracks, buildings, and train equipment by integrating work management, materials management, and procurement functions Work order is a process document used by business operations to initiate and manage service requests, and record cost elements such as labor and material for completing the service requests. Treasury Management refers to the business function of managing Amtrak s cash flows and debt obligation. 3

8 Due to the fast moving nature of the program, we conducted the audit in a transparent manner by regularly engaging with Amtrak management so that the risks and issues identified could be addressed in a timely manner. To further keep SAM program managers appraised about the results of our work, we met with the management on November 17, At that meeting, we discussed our preliminary key findings and recommendations so that timely corrective actions could be taken as we completed our work. We also issued a report on SAM program s internal controls design on January 14, For management s comments, see Appendix A. For a detailed discussion of the audit scope and methodology, see Appendix B. For the team members, who contributed to this report, see Appendix C. RESULTS OF AUDIT THE IMPLEMENTATION APPROACH DOES NOT FULLY ADDRESS RISK OF BUSINESS DISRUPTIONS The SAM program managers developed an R1a implementation approach that calls for deployment of a large and complex set of business process changes within an aggressive timeframe. SAM program managers recognize that this approach creates business disruptions risk that could be costly, and adversely affect customer service. The key risk factors are related to (1) the large scope, complexity and relatively short implementation schedule; (2) design changes that added complexity and cost; and (3) a deployment strategy that will provide little opportunity to go back to the old system should significant problems occur. SAM program managers have taken a number of testing and contingency planning steps to reduce business disruption risks. However, some key gaps remain in these areas. 15 OIG Audit Report No Strategic Asset Management Program Controls Design Is Generally Sound, But Improvements Can Be Made was issued on January 14,

9 I. Potential disruptions to business operations can be severe SAM team has identified 21 mission-critical business process areas as high risk for business disruption should they fail to work. These include risks to the payroll runs, financial data conversion from the old to new systems, and existing procurement software properly interfacing with the new system. If R1a does not deploy as planned, business operations can be seriously disrupted. In the worst case scenario, Amtrak may not be able to perform any or all of the following critical business functions: Run employee payroll, or pay employees correctly or on time; Order materials to repair and maintain train equipment and tracks, which can adversely impact train operations, customer satisfaction, and revenue generation; Maintain adequate cash flow if lower visibility of available inventory levels result in acquiring surplus materials; Pay vendors correctly or timely, which can result in non-delivery of goods and services; Collect and allocate correct cost elements, which can result in inaccurate billing to commuter railroads and business partners; and Prepare accurate financial statements, which can result in adverse financial audit opinion, and thereby jeopardizing Amtrak s credibility with congress and lenders. II. Implementation concept is large and complex The SAM program planned to accomplish the following design and implementation tasks in the R1a segment between June 2009 and June Replace legacy automated and manual systems in the Finance and Materials Management areas with mainly SAP ERP system, impacting financial data of over $10 billion in assets and job duties of about 1,600 employees. Develop 81 software interfaces to exchange financial and inventory information in SAP with 32 other applications in business areas such as Procurement, Mechanical, and Engineering. Each of these business areas use sophisticated automated systems that need significant enhancement or modification to accommodate exchange of information with SAP. Initiate a culture change that breaks down information-sharing barriers among largely insular departments, and encourage employees to work together using new systems and processes. 5

10 III. Past internal experiences and comparison to best practices raise concerns To assess the risks associated with the implementation approach, we compared the R1a s implementation approach to internal and external ERP implementation efforts. Internally, we noted Amtrak has experienced problems in implementing IT projects. Externally, we noted the R1a s implementation approach, when compared to best practices in the private and public sectors, was more aggressive and complex. Amtrak experienced problems during past and current IT initiatives Amtrak has experienced problems in implementing ERP projects. When Amtrak upgraded its SAP Human Resources (HR)/Payroll system and implemented Employee Information Management (EIM 16 ) system in 2007, a program smaller in scope compared to R1a, it experienced problems during the transition. After transitioning to the revamped SAP HR/Payroll system in early 2007, vacation pay adjustments exceeded the normal volume by $907,000 or 163%. The adjusted vacation pay of agreement employees 17 in January-February of 2007 was $1,465,000 compared to the average adjustments of $558,000. Also, problems were encountered during the migration of Amtrak s online reservation and ticketing system to a new data center on April 17, 2011 that impacted business operations. In FY2010, Amtrak generated 58% of its $1.9 billion in ticket sales from Amtrak.com website and station ticket kiosks. However, Amtrak s online booking system and station kiosks were down or performed very slowly for almost three days after the move to the new data center. Amtrak could not handle such an emergency in a timely manner, and was forced to partially roll back to the old data center beginning April 19, 2011, three days after the issue was encountered. The system outage hampered Amtrak s ticket sales, and increased the call volume and employee overtime costs at the call centers. The SAM program s dependency on the current Information Technology Infrastructure Improvement (ITII 18 ) program also adds risk to the R1a implementation schedule. Meeting the Employee Information Management (EIM) program s goal is to enhance Amtrak s Human Capital Management using SAP capabilities such as e-learning; employee and manager self-service; e-recruiting; and portal access. Agreement employees are Amtrak s union employees covered by collective bargaining labor agreements. 18 IT department created the Information Technology Infrastructure Improvement (ITII) program to implement new service agreements with IBM and AT&T. In early 2009, Amtrak contracted with IBM to provide the data center and desktop support services; and AT&T to provide data and voice network services. As part of these agreements, IBM is primarily responsible for migrating Amtrak s servers to two new data centers. 6

11 R1a schedule is heavily dependent on the capacity and timely availability of server and network infrastructure. However, the ITII program schedule for migrating all of Amtrak s servers to new data centers is significantly behind schedule. R1a program has already suffered the loss of one week worth of critical development and testing work due to the issues related to the ITII program. Approach is more aggressive and complex than industry and public sector best practices To reduce risks, it has become a standard practice in both the private and public sector to divide large complex ERP initiatives into smaller segments, each of which delivers incremental functional benefits. Amtrak has partly done this, but the R1a segment is still relatively large. Amtrak s SAP implementation approach compared to Canadian National (CN) railroad shows that it took CN more than four years (between 1999 and 2002) to accomplish the scope of tasks the SAM program plans to achieve in about two years. CN has been progressively implementing and effectively using SAP for the last twelve years in many of its business areas, and has become an ERP implementation success story in the railroad industry. Figure 1 below compares Amtrak s R1a with CN s roughly similar scope of work. Although many internal and external factors differentiate Amtrak from CN s business model and risk taking ability, it shows that Amtrak has chosen an aggressive implementation strategy. CN chose a cautious incremental implementation approach. CN divided the work equivalent to the R1a segment into 4 smaller segments with most of the implementation work occurring between 1999 and 2002 in 3 segments of months. 7

12 Figure 1: Amtrak s R1a versus Canadian National (CN) railroad implementation * Besides modernizing its automated and manual systems between 1999 and 2006, CN also integrated systems of four railroads it acquired during the period into SAP. Source: OIG Analysis of Amtrak and CN data Furthermore, in order to reduce risks, the Federal government is now working to enforce its long standing strategy of reducing the scope of its large IT projects into smaller segments. The Office of Management and Budget (OMB 19 ) in June 2010 required large Federal IT projects to be split into smaller, simpler segments with a maximum of 120 days to meet each project milestone, and 24 months to complete the entire segment from start to finish. IV. The decisions to change the design strategy increased complexity and cost During the program implementation, decisions were made to diverge from the original SAP- Maximo only strategy. This increased the program s complexity because single end-to-end business process such as procure to payment will use multiple systems rather than a single software application. Information stored in multiple software applications will increase the need 19 OMB memorandum M Reforming the Federal Government s Efforts to Manage Information Technology Projects dated June 28,

13 for data interfaces, reduce operational transparency, increase maintenance cost, and reduce savings. Also, information-sharing barriers will continue to exist. Design strategy changes The SAM program started with a strategic vision of consolidating many of Amtrak s outdated and disjointed systems into single, integrated SAP ERP software. After investing considerable time and resources in researching the optimum enterprise design solution, Amtrak executives decided on a two application software strategy: (1) SAP ERP to support Amtrak s back office processes such as finance and procurement, and (2) Maximo EAM to support Amtrak s core business operations such as maintenance of rail infrastructure and train equipment. In March 2009, Amtrak s Board of Directors approved SAM program funding based on this strategy. However, during the R1a implementation work, SAM sponsors changed the strategy from SAP- Maximo only solution to the Best of Breed solution (i.e. choosing different software applications based on their areas of specialization such as finance or materials management). Amtrak acquired PowerPlant software in October 2009 to perform group depreciation 20 of fixed assets, and PBF software in January 2010 for financial planning and budgeting. The SAM sponsors originally planned to replace Ariba with SAP when they decided on SAP-Maximo only strategy, but that decision was later reversed. A senior IT official at CN stated that CN started by integrating SAP with Best of Breed software applications. However, the company soon learned that maintaining multiple systems was overly complex, inefficient, and costly. CN later changed its strategy to SAP-only approach, and started achieving significantly higher benefits. SAM sponsors stated that PBF and PowerPlant were bought for their strategic importance. However, we found that these specialized software not only increased the complexity and risks, the business justification documents show that they had negative return on investment with limited strategic value. Our analysis of the decisions to add PBF, PowerPlant and Ariba software to the SAM strategy showed the following: The business case for PBF is not compelling. SAM management originally estimated PBF would cost $8.4 million to purchase and implement. This estimate has since grown to $11.2 million, an increase of about $3 million or 36%. Amtrak has spent $3 million on PBF implementation through February In contrast, the total cost of continuing with the 20 Group Depreciation is a method of collectively depreciating similar assets with the same useful life. 9

14 existing SAP BPC (BusinessObjects Planning and Consolidation 21 ) software would have been $450,000 as estimated by the SAM management. The Net Present Value (NPV 22 ) calculated to justify the purchase of PBF was already a negative $8.7 million prior to the $3 million increase in cost estimate. SAM management took an action in January 2011 to reduce the program risk by postponing the implementation of PBF software until October PBF software was added to the R1a scope by the program sponsors in January 2010, seven months after the R1a design tasks began in June Work on implementing and integrating PBF software with the rest of the R1a segment has faced difficulties, and is significantly behind schedule and over budget. This reduction in the R1a scope should help management to focus on implementing the core R1a components by June The business case for PowerPlant is not compelling. PowerPlant is specialized add-on software that calculates group depreciation and interfaces with SAP to provide asset valuation information for financial reporting. SAM management estimates that PowerPlant will cost $1.5 million to implement, and payback period will be over 20 years. Amtrak s accounting practice is to use the group depreciation method to depreciate its fixed assets such as train equipment and rail infrastructure. Using SAP s core functionality as originally planned to group depreciate its assets would have required modification of the standard SAP software application. Modification of standard SAP software is usually not a best practice, but according to SAM management s estimates, Amtrak s cost to build group depreciation capability in SAP would have been $643,000, $857,000 less than deploying PowerPlant. A cost benefit analysis was not done between Ariba and SAP. The Procurement department has been enhancing Ariba s capabilities and reengineering business processes to address several issues raised in the Government Accountability Office report in October We could not find any evidence that cost-benefit analysis was prepared to justify retaining Ariba versus replacing it with SAP ERP SAP BPC is a budgeting tool currently used by Amtrak for collecting budget requests from departments in spreadsheets, and consolidating them for financial planning and management purposes. The Net Present Value (NPV) is an estimation of the financial benefit of an investment based on the value of expected cash flows. Companies in the private industry usually fund projects that yield high positive NPV. GAO Audit Report No.GAO Amtrak Management: Systemic Problems Require Actions to Improve Efficiency, Effectiveness, and Accountability issued on October 4,

15 V. The deployment strategy calls for implementing all systems at once Amtrak is transitioning from its old systems to multiple new and complex systems all at once. This is commonly called Single Deployment. The single deployment approach is preferable from an IT perspective because it provides for efficient utilization of technical resources. However, it increases risk from the continuity of business and change management perspective. This risk, as discussed earlier, is tied to business process breakdowns if the new systems do not function according to plan after they are deployed. According to the latest plans, R1a deployment starts on May 25, 2011 and will end on June 14, 2011 with the cutover efforts to the new systems starting on June 1, The deployment strategy provides for checkpoints prior to a one-day window to make a go no-go decision. Due to the costs and complexity, there are no plans to roll back to the old systems after that one-day window closes. The plan is to move forward with the new systems and fix the issues as they arise. In response to a draft of this report, SAM management indicated that Amtrak can roll back to the old systems until June 8, 2011 if required. VI. Testing and contingency planning gaps remain In early May 2011, SAM was in the test phase, which involves validating system capabilities, performance and availability. Extensive testing has been done to help ensure R1a s successful deployment. However, some key testing gaps remain and business process change issues remain unanswered. Further, contingency plans that have been developed by the business process owners are minimal in nature and largely assume a high probability of successful deployment and low probability of system failures. SAM testing reveals system performance and data cleansing issues In early 2011, Amtrak tested nine end-to-end business processes to ensure that exchange of pertinent data among SAM impacted software applications produce accurate and complete results. According to SAM program teams, these tests were successful. However, based on our analysis and concerns raised by system users we noted the following: Issues found by SAP AG Corporation during quality assurance testing as reported in March 2011 raise concern over timely processing of data among 81 interfaces. SAP AG tested the performance of nine critical interfaces. In seven of the nine interfaces tested, SAP AG found issues such as suboptimal system configuration settings that could slow system performance. 11

16 While SAM management has fixed the issues identified in these nine interfaces; they do not plan to review the remaining 72 interfaces for similar issues that could potentially hamper system performance. Data cleansing and conversion from the old to new systems is facing some quality issues, particularly in the areas of materials management and procurement. SAM program teams are still working to resolve issues related to inconsistent material descriptions across different materials stores as well as loading blanket and open purchase orders into the new system. User testing was mainly performed in a controlled environment out of one location, and only key transactions were tested from selected locations across the country. Since extensive user testing from different locations across the country under actual conditions (such as local network capacity and new data center) has not been performed, the system performance has not been tested in a realistic operational environment. Also, while servers have been successfully stress tested, stress testing simulating the expected user traffic from the field locations has not been performed to provide assurance that the network infrastructure is adequate. According to SAM management, the load on Amtrak s network is not expected to increase because new users are not being added, and SAP s client software will be installed on each user s desktop to minimize the network traffic between the users desktops and servers. Amtrak is currently attempting to resolve the issues encountered by procurement buyers in Los Angeles who cannot transmit large scanned contract documents in Ariba. Inadequate system performance can hamper Amtrak s ability to work efficiently and effectively. SAM management acknowledged that there might be some performance issues, but believe they have conducted adequate testing to minimize them. They have decided to deal with any potential performance issue as and when they arise during the deployment. To minimize the deployment risk, Amtrak is also performing four mock cutover tests that simulate the June 2011 deployment. These mock tests provide SAM management meaningful lessons to improve the deployment strategy. Our review of these tests showed the following: While SAM management has completed three of the four mock cutover tests through March 2011; only the third mock test came close to simulating the real deployment efforts. Mock 1 and 2 mainly tested whether SAP can be deployed successfully; but it did not fully test the integration with the 32 interfacing systems. 12

17 In Mock 3, six of the 32 systems interfacing with SAP did not participate. For example, Exacta, a warehouse inventory management system critical for Amtrak s operations, was not included in the Mock 3 test. According to Payroll managers, even though the Mock 3 completed all deployment tasks as planned, data converted to the new system was incomplete and unreliable. The Mock 4 test started on April 18, 2011 and is scheduled to be completed on May 11, Two of the 32 interfacing systems were not included in Mock 4. SAM program teams plan to fix issues found during Mock 4; however, they will have very limited time to do so before the deployment begins on May 25, As of May 6, 2011, Mock 4 test was 34 hours behind schedule due to a number of issues encountered such as server not being available at the new data center and some systems not performing as efficiently as anticipated. Contingency planning does not fully address continuity of business operations Preparing a contingency plan to ensure continuity of business operations is a best business practice. As recommended by SAP AG in February 2011, the subject matter experts on SAM program team prepared contingency plans if new system could not be brought into service after the blackout period 24. However, our review showed that the disaster recovery or contingency plans are not detailed enough for critical business procedures that cannot be processed manually beyond two to seven days of the anticipated blackout period. SAM subject matter experts believe the probability of systems not being available beyond the blackout period is low. Therefore, if significant problems are experienced, employees will have to continue to use manual forms and procedures beyond two to seven days. Business managers have expressed concerns that such manual processing could not be sustained too long without impacting the operations. They also shared our concerns regarding gaps in testing and contingency planning. Payroll managers are very concerned about SAP not being available due to failed or delayed deployment, and therefore have requested a contingency server to be able to pay salaries and wages on a timely basis. SAM management has not focused on standing up contingency servers or rolling back to old systems to mitigate the risk of failed or delayed deployment. 24 Blackout period is the time when none of the SAM impacted systems will be available for use. Business users will complete activities such as creation of a purchase order, receipt or issue of goods, and payment to vendors by manually filling out forms and keeping a log of all transactions for entry into the new system after it is successfully deployed for use. 13

18 In light of the recent issues encountered during the mock testing and in moving Amtrak s online reservation and ticketing system to the new data center, it is vital that Amtrak management is well prepared to handle any significant issues that may arise during R1a deployment. CONCLUSIONS The R1a s implementation approach recognizes that business disruption risks exist, and includes testing and contingency planning to address these risks. However, the testing plans have gaps in the areas of system interfaces, overall system performance, data quality, and network infrastructure. Also, business areas do not have adequate business continuity plans to deal with extended or severe business disruptions. We understand that addressing these issues involves time and resources. At the same time, the extent of additional testing and contingency planning represents a trade-off between mitigating risks and accepting a certain level of risks. On balance, given the significant nature of the identified business disruption risks, testing and contingency planning gaps, and user concerns, it appears that risk mitigation efforts represent a prudent investment of resources. On issues separate from the R1a implementation, the business cases have not been convincingly made for using the PBF and Ariba software instead of SAP. Lastly, lessons can be learned from the industry best practices related to the advantages of reducing the scope and complexity of ERP implementation segments. RECOMMENDATIONS To help reduce the risks of R1a deployment failure, we recommend that the SAM program sponsors take the following actions prior to R1a implementation and in coordination with the ITII program: 1. Ensure system performance is optimized for all interfaces. 2. Resolve any remaining significant data cleansing and conversion issues to ensure data quality and reliability. 14

19 3. Ensure that the network infrastructure is adequate to handle the expected user traffic from different locations across the country. 4. Prepare detailed contingency plans to ensure business continuity beyond two to seven days blackout period for critical business process areas. 5. Involve the Process Leadership Team members in making a go no-go decision to move forward with the R1a deployment. To help reduce the implementation risks of future segments, we recommend that the SAM program sponsors take the following actions: 6. Reevaluate the business case for using PBF versus SAP BPC; and prepare a business case for using Ariba versus SAP ERP by taking into consideration the lessons learned by CN railroad. Replace these specialized software applications with SAP if the business case shows favorable return on investment and significant long term strategic value. 7. In developing R1b and R2 implementation plans, follow the best practices such as dividing the program into smaller and manageable segments of months with clear business justification and favorable return on investment. MANAGEMENT COMMENTS AND AUDIT REPSONSE On May 17, 2011, we provided Amtrak officials a draft of this report for their review and comments. Management agreed with all our recommendations except the one related to the reevaluation of the business case for implementing PBF and Ariba software. For each recommendation where they agreed, they cited ongoing and planned actions. If properly implemented, the cited actions should address the intent of our recommendations. At the same time, we note that the implementation approach continues to carry certain risks particularly as it relates to the limited testing of the network infrastructure s capacity. Management was reluctant to consider replacing PBF and Ariba software in near future stating that this would require writing off the current capital investment and potentially require further investment. However, we continue to believe management should reevaluate the business case for implementing PBF and Ariba. As one of the earliest adopters of PBF, Amtrak is likely to face significant risks and issues such as software bugs, lack of needed software capabilities; and shortage of qualified software experts for implementation and support. Currently only one 15

20 public entity, City of San Diego, has implemented PBF in the United States. Also, budget managers in Amtrak s major departments have expressed concerns over the complexity and inefficiency of entering and managing budget information in PBF. On the other hand, the existing SAP BPC software has high degree of user acceptance because of its ease in entering and updating budget information. Furthermore, implementation of Ariba will increase the complexity and cost of maintaining multiple interfaces, and reduce the potential benefits from a single ERP solution. Management s complete comments are in Appendix A. Management also provided technical comments on certain aspects of the report for our consideration. We considered these comments and incorporated them into this report where appropriate. 16

AUDIT PLAN FOR FISCAL YEAR 2016 This page intentionally left blank. NATIONAL RAILROAD PASSENGER CORPORATION Office of Inspector General NATIONAL RAILROAD PASSENGER CORPORATION INSPECTOR GENERAL S MESSAGE

CBP Acquisition of Aviation Management Tracking System OIG-12-104 (Revised) August 2012 August 31, 2012 Background The (DHS) has the world s largest law enforcement aviation organization. Both U.S. Customs

GAO United States Government Accountability Office Report to the Chairman, Committee on Small Business, House of Representatives January 2012 INFORMATION TECHNOLOGY SBA Needs to Strengthen Oversight of

STATEMENT OF CHARLES EDWARDS DEPUTY INSPECTOR GENERAL U.S. DEPARTMENT OF HOMELAND SECURITY BEFORE THE COMMITTEE ON HOMELAND SECURITY SUBCOMMITTEE ON OVERSIGHT AND MANAGEMENT EFFICIENCY U.S. HOUSE OF REPRESENTATIVES

John Keel, CPA State Auditor An Audit Report on The Department of Information Resources and the Consolidation of the State s Data Centers Report No. 08-038 An Audit Report on The Department of Information

U.S. ENVIRONMENTAL PROTECTION AGENCY OFFICE OF INSPECTOR GENERAL Controls Over EPA s Compass Financial System Need to Be Improved Report No. 13-P-0359 August 23, 2013 Scan this mobile code to learn more

U.S. Department of Energy Office of Inspector General Office of Audits and Inspections Audit Report Management of Los Alamos National Laboratory's Cyber Security Program DOE/IG-0880 February 2013 Department

The Department of the Treasury s HR Connect Human Resources System Was Not Effectively Implemented February 2005 Reference Number: 2005-10-037 This report has cleared the Treasury Inspector General for

U.S. ELECTION ASSISTANCE COMMISSION OFFICE OF INSPECTOR GENERAL FINAL REPORT: U.S. Election Assistance Commission Compliance with the Requirements of the Federal Information Security Management Act Fiscal

TREASURY INSPECTOR GENERAL FOR TAX ADMINISTRATION Disaster Recovery Testing Is Being Adequately Performed, but Problem Reporting and Tracking Can Be Improved May 3, 2012 Reference Number: 2012-20-041 This

U.S. Department of Energy Office of Inspector General Office of Audits and Inspections AUDIT REPORT The Energy Information Administration s Information Technology Program DOE-OIG-16-04 November 2015 Department

U.S. Department of Energy Office of Inspector General Office of Audits and Inspections Audit Report Management of Bonneville Power Administration's Information Technology Program DOE/IG-0861 March 2012

DODIG-2013-105 July 18, 2013 Navy Did Not Develop Processes in the Navy Enterprise Resource Planning System to Account for Military Equipment Assets Additional Copies To obtain additional copies of this

U.S. Department of Transportation Office of the Secretary of Transportation Office of Inspector General Memorandum ACTION: Report on Computer Security Controls of Financial Management System, FTA FE-2000-098

U.S. Department of Energy Office of Inspector General Office of Audits and Inspections Audit Report The Department's Configuration Management of Non-Financial Systems OAS-M-12-02 February 2012 Department

it ort YEAR 2000 COMPLIANCE OF THE STANDARD ARMY MAINTENANCE SYSTEM-REHOST Report Number 99-165 May 24, 1999 Office of the Inspector General Department of Defense Additional Copies To obtain additional

THE DEPARTMENT OF JUSTICE S LITIGATION CASE MANAGEMENT SYSTEM U.S. Department of Justice Office of the Inspector General Audit Division Audit Report 09-22 March 2009 TABLE OF CONTENTS Page THE DEPARTMENT

Audit of Controls Over Contract Payments FINAL AUDIT REPORT ED-OIG/A07-A0015 March 2001 Our mission is to promote the efficient U.S. Department of Education and effective use of taxpayer dollars Office

Performance Audit Concurrent Review: ERP Pre-Solicitation April 2002 City Auditor s Office City of Kansas City, Missouri 24-2001 April 10, 2002 Honorable Mayor and Members of the City Council: We conducted

Page 2 of 10 Scope and Objectives We reviewed the backup and disaster recovery processes utilized by DOH for information applications/systems managed by IT over the last three years. This review included

SEPTEMBER 16, 2010 AUDIT REPORT OFFICE OF AUDITS REVIEW OF NASA S MANAGEMENT AND OVERSIGHT OF ITS INFORMATION TECHNOLOGY SECURITY PROGRAM OFFICE OF INSPECTOR GENERAL National Aeronautics and Space Administration

Evaluation Report Weaknesses Identified During the FY 2013 Federal Information Security Management Act Review April 30, 2014 Report Number 14-12 U.S. Small Business Administration Office of Inspector General

U.S. Department of Education Office of Inspector General Five-Year Strategic Plan Fiscal Years 2014 2018 Promoting the efficiency, effectiveness, and integrity of the Department s programs and operations

UNITED STATES DEPARTMENT OF EDUCATION OFFICE OF INSPECTOR GENERAL AUDIT SERVICES August 24, 2015 Control Number ED-OIG/A04N0004 James W. Runcie Chief Operating Officer U.S. Department of Education Federal

TREASURY INSPECTOR GENERAL FOR TAX ADMINISTRATION Efforts to Update Aging Computer Hardware Are Underway, but Program Improvements Are Needed to Minimize Risks November 6, 2007 Reference Number: 2008-20-002

Department of Homeland Security Office of Inspector General Vulnerabilities Highlight the Need for More Effective Web Security Management (Redacted) OIG-09-101 September 2009 Office of Inspector General

OFFICE OF THE INSPECTOR GENERAL SOCIAL SECURITY ADMINISTRATION THE IMPACT ON NETWORK SECURITY OF THE SOCIAL SECURITY ADMINISTRATION S OPERATING SYSTEMS CONVERSIONS September 2004 A-14-04-24019 AUDIT REPORT

SENTINEL AUDIT V: STATUS OF THE FEDERAL BUREAU OF INVESTIGATION S CASE MANAGEMENT SYSTEM U.S. Department of Justice Office of the Inspector General Audit Division Audit Report 10-03 November 2009 Redacted

STATEMENT OF BRENT ARRONTE DEPUTY ASSISTANT INSPECTOR GENERAL FOR AUDITS AND EVALUATIONS OFFICE OF INSPECTOR GENERAL DEPARTMENT OF VETERANS AFFAIRS BEFORE THE COMMITTEE ON VETERANS AFFAIRS UNITED STATES

OFFICE OF INSPECTOR GENERAL Audit Report Audit of the Data Management Application Controls and Selected General Controls in the Financial Management Integrated System Report No. 14-12 September 30, 2014

U.S. Department of Energy Office of Inspector General Office of Audits and Inspections Audit Report The Department of Energy's Management and Use of Mobile Computing Devices and Services DOE/IG-0908 April

OFFICE OF THE INSPECTOR GENERAL SOCIAL SECURITY ADMINISTRATION CONTRACT WITH DELL MARKETING, L.P., FOR MICROSOFT LICENSING AND MAINTENANCE September 2011 A-06-10-10175 AUDIT REPORT Mis s ion By conducting

U.S. Department of Energy Office of Inspector General Office of Audits and Inspections AUDIT REPORT Cybersecurity Controls Over a Major National Nuclear Security Administration Information System DOE/IG-0938

The Certification and Accreditation of Computer Systems Should Remain in the Computer Security Material Weakness August 2004 Reference Number: 2004-20-129 This report has cleared the Treasury Inspector

An Audit Report on The Health and Human Services Commission s Consolidation of Administrative Support Functions Report No. 06-009 John Keel, CPA State Auditor An Audit Report on The Health and Human Services

WRITTEN TESTIMONY OF TERENCE MILHOLLAND CHIEF TECHNOLOGY OFFICER INTERNAL REVENUE SERVICE BEFORE THE HOUSE OVERSIGHT AND GOVERNMENT REFORM COMMITTEE ON IRS LEGACY INFORMATION TECHNOLOGY SYSTEMS MAY 25,

The Audit Trail System for Detecting Improper Activities on Modernized Systems Is Not Functioning August 2004 Reference Number: 2004-20-135 This report has cleared the Treasury Inspector General For Tax

U.S. Department of Energy Office of Inspector General Office of Audits & Inspections Audit Report Follow-up Audit of the Department's Cyber Security Incident Management Program DOE/IG-0878 December 2012

U.S. Department of Energy Office of Inspector General Office of Audits and Inspections AUDIT REPORT The Department of Energy's Implementation of Voice over Internet Protocol Telecommunications Networks

OFFICE OF INSPECTOR GENERAL UNITED STATES POSTAL SERVICE Trends and Systemic Issues in Defense Contract Audit Agency Audit Work for Fiscal Years 2009-2012 Management Advisory Report Report Number March

U.S. Department of Energy Office of Inspector General Office of Audits & Inspections Audit Report Management of Western Area Power Administration's Cyber Security Program DOE/IG-0873 October 2012 Department